diff --git a/proposals/4228-search-redirection.md b/proposals/4228-search-redirection.md
index 14751ff47..1d90f25b7 100644
--- a/proposals/4228-search-redirection.md
+++ b/proposals/4228-search-redirection.md
@@ -53,6 +53,8 @@ For the federation endpoint specifically, the local user SHOULD have the remote
 straight through to them, however some implementations may prefer to replace the error before serving
 it to their users. This can help reduce the potential of remote Cross-Server Scripting (XSS) attacks.
 
+When to return `403 M_FORBIDDEN` is left as an implementation detail.
+
 ### Example
 
 A user makes a request to `/_matrix/client/v3/publicRooms` with a search term of `something illegal`.